1994-12-02 - public accounts / PGP / passphrases

Header Data

From: lmccarth@ducie.cs.umass.edu
To: cypherpunks@toad.com
Message Hash: 37dc698202e3aa406468aff6ac65407b6764741ee917b53c1b13c9c936f414f4
Message ID: <199412020218.VAA06287@bb.hks.net>
Reply To: N/A
UTC Datetime: 1994-12-02 02:14:01 UTC
Raw Date: Thu, 1 Dec 94 18:14:01 PST

Raw message

From: lmccarth@ducie.cs.umass.edu
Date: Thu, 1 Dec 94 18:14:01 PST
To: cypherpunks@toad.com
Subject: public accounts / PGP / passphrases
Message-ID: <199412020218.VAA06287@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


[This message has been signed by an auto-signing service.
 A valid signature means only that it has been received at
 the address belonging to the signature and forwarded.]

-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

Hal writes:
> Just create a special key for your netcom account.  Use no pass phrase;
> using one would give a misleading sense of security IMO.  Just pass your
> mail through "pgp -saft" or equivalent and you've got it.  It is easy to
> do this from most editors.

Could someone please elaborate on the foolishness of using PGP with a 
passphrase on a public machine (as I do) ?  Am I wrong in thinking that my
secret key is useless to an intruder until she guesses my passphrase ?  I
have no net access except via an account on a public machine, so I'm not
about to start storing my secret key elsewhere, but I'll change my passphrase
to <null> if it's irrelevant anyway.  I just reviewed the PGP docs a bit and
Phil says "Nobody can use your secret key file without this pass phrase.",
which seems to contradict what many people on the list have said.

- - -L. Futplex McCarthy; PGP key by finger or server
"Don't say my head was empty, when I had things to hide...." --Men at Work

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.1

iQCVAwUBLt6Cq2f7YYibNzjpAQF3KwP/ZgxKliBQe+BQ+Q0FfiN9ycxTRWRHlPWY
qF4iqmxT70uWLm6hsSX6A88EKv1E+k4mfYhVAnT8XQCTp2wEYMVOHvlFJQiKHOCj
55Cot8bL7JCrJ+lUIDdCPOnNra61F2cc+S26EyB5jIKvudzkPLsWI49galG201M7
ILld5lrJhAw=
=vc9N
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBFAwUBLt6D+ioZzwIn1bdtAQGz5gF+Kokq6ZW/HpgRWowG2/+3QB913tJD2opJ
+gKNrxqTK40qzj/8pdNNpreKYrf4rWIi
=9YBk
-----END PGP SIGNATURE-----





Thread